• 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle

  • By which component is the password truncated on account-creation? Imo, the web UI shouldn’t do that without at least warning the user. Such long passwords might be a corner-case, but if the UI changes the password in any way before submitting it to the server, I think the user should see a big fat red notification. What if an account was created using a different client? The user wouldn’t be able to log in using the web-ui because the web-ui refuses to send the unmodified password?

    If the password is truncated server-side during account creation, the server should do the same during login, the UI or client wouldn’t even have to know about it.